Launchpad.net

CVE 2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Related bugs and status

CVE-2021-22876 (Candidate) is related to these bugs:

Bug #1926183: 'ua fix' tells me to reboot with inaccurate message

		In	Importance	Status
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu)	Medium	Fix Released
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu Hirsute)	Medium	Won't Fix
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu Impish)	Medium	Fix Released
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu Xenial)	Medium	Fix Released
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu Bionic)	Medium	Fix Committed
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu Groovy)	Medium	Won't Fix
1926183	'ua fix' tells me to reboot with inaccurate message	ubuntu-advantage-tools (Ubuntu Focal)	Medium	Fix Committed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-22876

Related bugs and status

Related bugs

References